Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xT9F3TI4Mx9iNcY_OPXattqm9Wg.roa
File:                     xT9F3TI4Mx9iNcY_OPXattqm9Wg.roa (raw, json)
Hash identifier:          vQoEdKGbejJQqUWM/wXiS1GYigfmgmJsJS/yY38mL3I=
Subject key identifier:   C5:3F:45:DD:32:38:33:1F:62:35:C6:3F:38:F5:DA:B6:DA:A6:F5:68
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01867E6CAEE48F973FC98B0013AB00B24C6A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xT9F3TI4Mx9iNcY_OPXattqm9Wg.roa
Signing time:             Thu 23 Feb 2023 13:18:17 +0000
ROA not before:           Thu 23 Feb 2023 13:18:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:7e:6c:ae:e4:8f:97:3f:c9:8b:00:13:ab:00:b2:4c:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Feb 23 13:18:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c53f45dd3238331f6235c63f38f5dab6daa6f568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d6:c7:42:6b:d7:70:71:6a:82:e7:04:40:40:
                    a0:09:82:a3:71:37:68:c7:fe:e1:f8:f6:5a:00:47:
                    f4:19:65:15:80:ce:60:ae:07:f2:a3:87:6d:ea:61:
                    0a:43:8d:9e:ef:14:03:d8:b7:ab:84:6f:02:88:e9:
                    b0:cc:74:bb:e8:bd:5e:7d:6a:e9:4e:dc:11:7e:02:
                    df:74:5d:40:3a:ac:23:f1:89:7f:1b:22:5e:0f:4a:
                    37:c0:da:4b:50:76:ca:b6:ce:1b:55:d5:a7:9a:d6:
                    40:6e:5f:e9:fe:6b:15:ba:a2:2f:8b:68:0d:79:40:
                    d2:a1:e4:ac:d2:cd:2c:62:f6:7a:50:9d:fb:f1:b2:
                    0f:de:f0:54:40:d5:2d:d9:fb:7d:cb:0e:8c:7e:e5:
                    81:06:c4:d4:ff:45:80:dc:2b:34:3a:09:d0:58:44:
                    07:7e:71:cb:db:74:b7:59:c2:dd:fd:de:fa:19:9d:
                    5e:fc:2f:1c:4f:4f:87:45:07:f6:ec:c2:49:70:9c:
                    ac:08:1b:a0:bd:c3:88:f9:5d:0d:94:f5:2a:70:7c:
                    0b:b0:79:6b:54:09:3d:df:ea:2d:1f:26:04:c6:8a:
                    51:ea:55:fb:ae:12:44:66:a4:96:bb:3d:dc:66:b3:
                    28:84:52:af:4d:e3:45:28:25:b1:70:5f:84:0b:b8:
                    e0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:3F:45:DD:32:38:33:1F:62:35:C6:3F:38:F5:DA:B6:DA:A6:F5:68
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xT9F3TI4Mx9iNcY_OPXattqm9Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:ec:3b:fe:c2:c3:bc:3e:30:b4:e0:ce:db:a1:01:1f:c7:82:
         59:73:b5:d0:98:e4:01:2e:5d:c9:92:58:6b:18:93:47:2a:42:
         1c:bd:fc:20:bf:7d:0a:29:e2:ca:e8:98:4e:fe:49:50:c1:f0:
         cf:1f:2a:ea:ae:18:9e:00:40:ed:3b:68:be:0a:a7:84:de:f7:
         5d:39:ac:74:3a:c3:2b:9a:55:bf:b6:b3:aa:53:13:f9:12:60:
         fd:09:08:91:95:17:5a:9d:04:04:09:8f:d3:61:3c:b1:66:22:
         f8:0d:c9:13:ed:ad:ef:a3:6a:d1:27:66:36:ec:b3:4d:28:b5:
         c0:b0:a2:57:d3:5d:60:6c:9f:25:4d:14:00:c6:b3:aa:23:c6:
         08:fa:bd:73:55:9d:e1:15:b1:d7:5d:64:ad:76:fa:f0:13:16:
         58:9a:45:05:7a:e5:11:87:46:02:01:b8:5b:2d:ed:a4:32:e1:
         3e:59:9d:3a:e8:a0:40:c1:bd:53:55:4c:75:15:01:10:fa:e6:
         77:eb:cf:9e:9f:cb:95:0a:07:69:40:d0:21:d2:57:2e:4f:6c:
         44:db:c0:d2:4e:de:b0:69:60:4e:a1:c1:aa:a4:44:6c:2a:37:
         0f:dc:93:8b:5b:be:f4:ca:bf:99:38:2a:ee:5a:93:27:b8:e3:
         c1:af:02:6f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYZ+bK7kj5c/yYsAE6sAskxqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMjIzMTMxODE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTNmNDVkZDMyMzgzMzFmNjIzNWM2M2YzOGY1ZGFiNmRhYTZmNTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldbHQmvXcHFqgucEQECgCYKjcTdo
x/7h+PZaAEf0GWUVgM5grgfyo4dt6mEKQ42e7xQD2LerhG8CiOmwzHS76L1efWrp
TtwRfgLfdF1AOqwj8Yl/GyJeD0o3wNpLUHbKts4bVdWnmtZAbl/p/msVuqIvi2gN
eUDSoeSs0s0sYvZ6UJ378bIP3vBUQNUt2ft9yw6MfuWBBsTU/0WA3Cs0OgnQWEQH
fnHL23S3WcLd/d76GZ1e/C8cT0+HRQf27MJJcJysCBugvcOI+V0NlPUqcHwLsHlr
VAk93+otHyYExopR6lX7rhJEZqSWuz3cZrMohFKvTeNFKCWxcF+EC7jgIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMU/Rd0yODMfYjXGPzj12rbapvVoMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveFQ5RjNUSTRNeDlpTmNZX09QWGF0dHFtOVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABDsO/7Cw7w+MLTgztuh
AR/HgllztdCY5AEuXcmSWGsYk0cqQhy9/CC/fQop4sromE7+SVDB8M8fKuquGJ4A
QO07aL4Kp4Te9105rHQ6wyuaVb+2s6pTE/kSYP0JCJGVF1qdBAQJj9NhPLFmIvgN
yRPtre+jatEnZjbss00otcCwolfTXWBsnyVNFADGs6ojxgj6vXNVneEVsdddZK12
+vATFliaRQV65RGHRgIBuFst7aQy4T5ZnTrooEDBvVNVTHUVARD65nfrz56fy5UK
B2lA0CHSVy5PbETbwNJO3rBpYE6hwaqkRGwqNw/ck4tbvvTKv5k4Ku5akye448Gv
Am8=
-----END CERTIFICATE-----
Generated at Fri May 2 00:08:16 2025 by rpki-client